DOT sweeps away Web cookies

Related Links

The Transportation Department said Friday that it has deleted "persistent cookies" from all of its Web sites and has developed procedures to keep cookies off its Web sites in the future.

The DOT announcement came four days after Sen. Fred Thompson (R-Tenn.) identified the agency as the worst offender among seven agencies violating federal regulations against cookies, which are bits of computer code planted in Web site visitors' computers to track online activity.

The use of persistent cookies by government Web sites was deemed a violation of federal privacy regulations, and they were banned in almost all circumstances. "Session cookies," which vanish at the end of a Web user's visit, are not banned.

Thompson said persistent cookies were discovered on 23 DOT Web sites, and the Federal Aviation Administration operated 20 of those sites.

Persistent cookies also were found on 41 other federal Web sites.

DOT Web sites stopped using cookies shortly after the agency's inspector general discovered them in February, an agency spokesman said. But cookies turned up during a Web page audit that was required by legislation Thompson tacked on to DOT's 2001 Appropriations Act.

"For the most part, [the cookies] were inadvertent," the spokesman said. In some instances, the capability to plant cookies was added to Web sites when pages were upgraded. Often, cookie capabilities were added in software unbeknownst to DOT Web managers, he said.

To prevent that from happening in the future, DOT has developed "a cookie checklist" that Web managers must follow to weed the cookies out, he said.

Cookie use was banned except in rare instances last June by the Clinton administration, and that ban remains in effect, said Chris Ullman, a spokesman for the Office of Management and Budget. "We expect [federal agencies] to be in compliance with it."

In addition to the 23 DOT sites, cookies were discovered on 15 sites at the General Services Administration; 11 at the Energy Department; six at the Treasury Department; four at the Education Department; three at NASA; and two at the Interior Department.

The 16 agencies that have reported represent about a third of the federal agencies required to perform Web site audits.